Tuesday, October 14, 2014

Solution to Knockd won't work / open port in iptables

I struggled to get port knocking with knockd working on my Ubuntu 14.04 VPS. I read and followed a lot of instructions, Ubuntu's own among them, but nothing seemed to help.

I checked my knockd log at /var/log/knockd.log, and the configuration for triggering the knockd commands seemed to work, but I always ended up with "command returned non-zero status code (a number)".

So I figured out that it had something to do with the start_command and stop_command not doing their job correctly. Everywhere I read that you were "supposed to" control the iptables rules with something like
start_command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
if the goal was, say, to open up the default SSH port 22. But that didn't work for me.
The first thing I did was check whether /sbin/iptables even existed, and it didn't. No wonder nothing happened with my iptables configuration...

So one solution for me was to create two shell scripts to configure iptables.
I created a knock-open.sh containing this:
#!/bin/sh
iptables -I INPUT 1 -s $1 -p tcp -m tcp --dport 22 -j ACCEPT
Then I created a knock-close.sh:
#!/bin/sh
iptables -D INPUT -s $1 -p tcp -m tcp --dport 22 -j ACCEPT
And in my knockd.conf file (/etc/knockd.conf) I configured it like this:
[options]
logfile = /var/log/knockd.log
[SSH]
sequence      = 1212:udp,3861:tcp,8721:udp
seq_timeout   = 5
tcpflags      = syn
start_command = sh /var/scripts/knock-open.sh %IP%
cmd_timeout   = 20
stop_command  = sh /var/scripts/knock-close.sh %IP%
So this did the trick for me. After restarting the daemon (service knockd restart) and knocking the sequence ports, iptables was now configured correctly and working with knockd.
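As an added example (not the post's own scripts), here is a single script that covers both the open and close steps above; the knockd lines in the header comment, the /var/scripts/knock.sh path and the log file are assumptions. It validates the %IP% argument before handing it to iptables, looks up the iptables binary rather than assuming /sbin/iptables, and uses iptables -C so repeated knocks from one address do not stack duplicate ACCEPT rules.

```sh
#!/bin/sh
# Added example, not the original post's scripts: one script that replaces both
# knock-open.sh and knock-close.sh. knockd would call it as (assumed config):
#   start_command = /var/scripts/knock.sh open %IP%
#   stop_command  = /var/scripts/knock.sh close %IP%

SSH_PORT=22                          # port opened by the knock, as in the post
LOG=/var/log/knockd-scripts.log      # assumed log file for this script

# valid_ip4 ADDR: succeed only for a dotted quad with four octets in 0-255,
# so nothing but an address ever reaches the iptables command line.
valid_ip4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rule_args ADDR: the chain and match arguments shared by -I, -C and -D.
rule_args() {
    printf 'INPUT -s %s -p tcp -m tcp --dport %s -j ACCEPT' "$1" "$SSH_PORT"
}

# find_iptables: print the first usable iptables path (empty if none found).
find_iptables() {
    for p in /sbin/iptables /usr/sbin/iptables "$(command -v iptables 2>/dev/null)"; do
        [ -n "$p" ] && [ -x "$p" ] && { printf '%s\n' "$p"; return 0; }
    done
    return 0
}

log() { printf '%s %s\n' "$(date '+%F %T')" "$*" >>"$LOG" 2>/dev/null || :; }

# knock_open/knock_close ADDR: add or remove the ACCEPT rule for one client.
knock_open() {
    valid_ip4 "$1" || { log "refused start for '$1'"; return 1; }
    IPT=$(find_iptables); [ -n "$IPT" ] || { log "iptables not found"; return 1; }
    "$IPT" -C $(rule_args "$1") 2>/dev/null || "$IPT" -I $(rule_args "$1")
}
knock_close() {
    valid_ip4 "$1" || { log "refused stop for '$1'"; return 1; }
    IPT=$(find_iptables); [ -n "$IPT" ] || { log "iptables not found"; return 1; }
    "$IPT" -C $(rule_args "$1") 2>/dev/null && "$IPT" -D $(rule_args "$1")
}

case "$1" in
    open)  knock_open  "$2" ;;
    close) knock_close "$2" ;;
esac
```

The script must be executable (chmod 755) and readable by the user knockd runs as, which is root when it manages iptables.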

I hope this solution helps someone out there who's struggling with knockd and iptables.

Thursday, October 9, 2014

Delete all mails or selected mails in mbox in Linux Ubuntu

Every time you read a mail with the mail command in the Linux terminal and don't delete it, the read mails are stored in an mbox file at /root/mbox (if root is the user). This file can get pretty big depending on how many e-mails you leave undeleted.

To view and delete all of them in mbox you do this:
mail -f
d *
The -f flag tells mail to read your stored e-mails (the mbox file), and the d command followed by an asterisk (*) deletes all of them. If you would rather delete only selected mails from your mbox, type d followed by the message number. E.g. to delete message number 15 from my mbox:
mail -f
d 15

Tuesday, October 7, 2014

Fix for rsyslog uses almost 100% CPU on OpenVZ system

If rsyslog for some reason uses nearly 100% of the CPU all the time, there may be a compatibility problem (probably a bug out of your control) between your system and rsyslog, especially on systems running on OpenVZ.

I had this problem with my VPS running Ubuntu 14.04.01 on OpenVZ.

A quick fix for me was to edit /etc/rsyslog.conf from the terminal; the command below comments out the $ModLoad imklog line (the kernel-log input module):
sed -i -e 's/^\$ModLoad imklog/#\$ModLoad imklog/g' /etc/rsyslog.conf
Then restart the rsyslog service to apply the change:
service rsyslog stop
service rsyslog start
I hope this solves the problem for you.